Snort mailing list archives
Snort PerfMonitor - IP-Flow behaviour
From: Dheeraj Gupta <dheeraj.gupta4 () gmail com>
Date: Tue, 4 Dec 2012 17:26:07 +0530
Hi,

I am trying to use snort's perfmonitor pre-processor to find out traffic flowing between IP pairs. Earlier I configured the perfmonitor to log everything to a file using

`preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 1000 max_file_size 100000`

And it worked fine. Stats were written after every 300 seconds (or thereabout).

Now I need the ip-flow info in a separate file. So I use the following line

`preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 1000 max_file_size 100000 flow-ip flow-ip-file /var/log/snort/ipflow.csv flow-ip-memcap 10000000000`

Again the snort.stats file gets populated normally, but the ipflow.csv file only updates when snort is stopped. I think the manual clearly states that "These statistics are printed and reset at the end of each interval.", so why are the IP Flow stats not printed at the end of each interval? Am I doing something wrong?

Thanks